Feeds

Spyware scumbags make $2bn a year

Cash from chaos

  • alert
  • submit to reddit

Protecting against web application threats using SSL

Spyware ­ invasive programs that generate pop-ups, hijack home pages, redirect searches and poison DNS files ­ generates an estimated $2bn in revenue a year1, according to a study by anti-spyware firm Webroot. It estimates the surreptitious spyware and adware market "may be approaching 25 per cent" of the already-established market of online advertising.

As we've noted before, it's hard to square Webroot's $2n estimate with the observable size of adware market. Webroot's This calculation assumes a uniform distribution of spyware, among other statistical sins. Estimates on the damage caused by computer viruses are a notoriously inexact science. The same seems to apply to looking at the adware market.

SpyAudit

In the first quarter of 2005, 88 per cent of scans using Webroot's SpyAudit software found some form of unwanted program (Trojan, system monitor, cookie or adware) on consumer computers. The vast majority of corporate PCs (87 per cent) also harboured undesirable programs or cookies. Excluding cookies, more than 55 per cent of corporate PCs contained unwanted programs. Infested consumer PCs contained an average of 7.2 non-cookie infections.

Cookies annoy some people but they are nowhere near as serious a problem as key=logging or Trojan horse programs. System monitor (key logger programs) were found in seven per cent of consumer and enterprise PCs scanned using Webroot's software, down from 19 per cent in Q4 2004. Trojan horse programs were found on 19 per cent of consumer PCs and seven per cent of enterprise PCs, unchanged from Q4 2004.

Consumer sites 'riddled' with spyware

Webroot's data comes from analysis of stats from Webroot's consumer and corporate SpyAudit tools and from online research culled by Phileas, Webroot's automated spyware research system. Contrary to the perceived wisdom that spyware comes only from a limited number of dodgy online porn and warez sites, Phileas identified 4,294 sites (with almost 90,000 pages) containing some form of spyware.

Webroot's State of Spyware report names and shames the top ten most significant emerging spyware and adware threats based on detection, as well as potential impact. CoolWebSearch, an infamous piece of adware with over 100 different variants, was dubbed the top threat. GAIN and 180search Assistant were the next two most prevalent nuisances. ®

1 Webroot's figure for the value of the spyware market comes from multiplying the average number of pieces of adware per machines (4.38 - according to Webroot) times the number of active users on the net (290m - according to Nielsen Netratings) times the value of each adware installation per year ($2.25 - a figure derived Claria's filing that it made $90m a year from 40m "users").

Related links

Webroot's State of Spyware report (registration required)

Related stories

Adware-infected PCs net slimeware firms $3 a pop
Anti-spyware group collapses
Drive-by Trojans exploit browser flaws

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.